How to recognize a potential Phishing Attack
One of the most common threats we all face in this age of digital communications is the phishing scam. These scams try to trick you into handing over money or sensitive data like your logins, which then allow the scammers to hijack the related accounts and lock you out.
There are a few different types of phishing attack, which fall into roughly 5 categories:
- Phishing: Untargeted, blanket communication, where the attackers are playing the numbers in the hope that a small number of recipients will fall into their trap.
- Clone phishing: Attempting to fool the recipient into seeing this as a legitimate email by copying or cloning other actual emails and senders.
- Spear phishing: This is when a user or organization is being targeted, typically affecting a small number of recipients.
- Vishing: Voice phishing, where the attacker will attempt to collect sensitive information, like logins, from you over your cell phone. In most cases, they will pretend to be calling on behalf of a recognizable company like Microsoft.
- Whaling: Similar to spear phishing, but typically aimed at a single high-profile target, like a company CEO or other executive.
There are a few red flags which you can use to recognize a potential Phishing attack against you.
- Compromised email mailboxes/accounts
One of the most common ways that you can be targeted by a phishing attack is when your mailbox or that of a colleague is hacked or otherwise compromised. The phishing email will typically appear to come from a person you have communicated with before. But if you look closely, the actual email address of the sender will typically be different.
- Hyperlinks in the body of the email
Often a phishing email will include a link in the body of the message, along with some ploy to get you to click that link, like a message saying “Thought of you when I saw this. Check it out!”.
- An unusual way of speaking (writing)
Another possible red flag for a phishing email is when the writing seems strange, with broken sentences or incorrect usage of words or phrases.
- Random email name, a sign of a disposable email account
Most of the actual email accounts sending these phishing scam emails are disposable. So the scammers will typically generate a ton of email accounts using random characters for the email address, which legitimate users normally won’t use for their email addresses. For example, you might get an email from firstname.lastname@example.org or some other free email host.
- Asking for any information like logins or other sensitive information
Most phishing is going to want one of two things from you. Most importantly, they want logins for your accounts, so they can take over and lock you out. Or they will want you to send them money, usually with some outlandish nonsense, like paying for shipping of a million dollars of lost money or collecting some inheritance from a long-lost prince relative.
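The red flags above that can be checked mechanically, shown as an added Python example that is not part of the original article. The address book, the phrase list, the thresholds in `looks_random` and the sample message are all assumptions constructed for illustration; the "unusual writing" flag is left to the human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display name -> address of people you have really corresponded with.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}
# Assumption: illustrative phrases for "asking for logins or other sensitive information".
SENSITIVE = re.compile(r"\b(password|login|username|bank account|wire transfer|home address)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def looks_random(local_part):
    """Rough heuristic for a disposable-looking mailbox name: many digits or few vowels."""
    if len(local_part) < 8:
        return False
    letters = [c for c in local_part.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in local_part)
    vowel_ratio = sum(c in "aeiou" for c in letters) / max(len(letters), 1)
    return digits >= 4 or vowel_ratio < 0.2

def red_flags(raw_message):
    """Return the red flags from the list above that apply to one raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    flags = []
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known and known != addr:  # familiar name, unfamiliar address
        flags.append("known sender name, different address")
    if URL.search(body):
        flags.append("hyperlink in body")
    if looks_random(addr.partition("@")[0]):
        flags.append("random-looking mailbox name")
    if SENSITIVE.search(body):
        flags.append("asks for logins or other sensitive information")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: Jane Doe <xk7q29zr8813@mail.example.net>
To: you@example.com
Subject: Check it out

Thought of you when I saw this. Check it out! http://files.example.net/video
Please confirm your password to view it.
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A message with no flags is not proven safe; the checks only surface the patterns listed above for a closer look.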
Phishing Scam Email Example
Here is an actual excerpt from a Phishing Scam email I received, from a fake department at some airport. I am being offered 2 trunks which contain some 4 million dollars, so long as I pay this stranger who is offering this to me for no apparent reason:
As I did say again, the shipper abandoned it and ran away. Most importantly because he gave a false declaration, he could not pay for the yellow tag, he could not secure a valid non-inspection document(s), etc. I am ready to assist you in any way I can for you to get back this packages provided you will also give me something out of it (financial gratification). You can either come in person or you engage the services of a secure shipping/delivery Company/agent that will provide the necessary security that is required to deliver the package to your doorstep or the destination of your choice. I need all the guarantee that I can get from you before I can get involved in this project. Please Reply this email strictly at(scammers email was here) with reconfirmation of your Full Name, Home Address, City, State and Telephone number.
One of the most important lessons to take away here is just to be careful and use common sense. If you didn’t request any of this, then why are you getting this message? Would the person who sent this message really be sending you a link to some video or website and saying something like “This made me think of you!”?
While some of the red flags identified here can help you to avoid most of the phishing attempts out there, there are other factors to consider as well, like where is your email being hosted? Many free accounts like Gmail don’t have the same kind of security measures in place you might think you have. We can help you seamlessly block most of these by implementing our best practices like moving your email to a secure host. Also, we will add layers of security from our computer Firewall & Antivirus to protect you, your data and money.